- Visit SANS, Sophos, SC magazine, and InfoSecurity magazine websites to sign up for news feeds -
16 June 2013 - Police Using Driver's License Photo Databases in Criminal Investigations
Over the past several years, US states began collecting searchable photo ID databases for the purpose of thwarting driver's license fraud, but the information is increasingly being used by law enforcement to identify criminal suspects, accomplices, and in some cases, just bystanders related to investigations. The databases are required to be used only for "law enforcement purposes," criteria vague enough to suggest they can be used in a variety of situations. The information is used to develop investigative leads, not to make positive identification. Using facial recognition technology, law enforcement agents have mined the databases for information and caught serious criminals. The problem is, the driver's license photo databases are not criminal databases, but are being used as if they were. The state databases are becoming increasingly interconnected, which is giving law enforcement officers a de facto national identification system. The recent Supreme Court ruling allowing the collection of DNA samples from people who are arrested could just add to the amount of information that law enforcement will have at their fingertips. Thirty-seven US states use facial recognition technology in license registries. Twenty-six of those states permit law enforcement agents at the local, state, and federal levels to search their databases to help identify people relevant to their investigations.
11 June 2013 - State Prosecutors Introduce "Save Our Smartphones" Initiative
A group of law enforcement officials, politicians, and consumer advocates aims to help fight the growing theft of smartphones, which has reached "epidemic" proportions, according to San Francisco District Attorney George Gascon. The group plans to ask the manufacturers of the most widely used devices - Apple, Google/Motorola, Microsoft, and Samsung - to develop features that make the phones less attractive to thieves. The announcement of the initiative came on the same day that Gascon and New York Attorney General Eric Schneiderman were hosting a Smartphone Summit with representatives from major smartphone makers.
11 June 2013 - Twelve-Year Prison Sentence for Man Who Sold Pirated Industrial Software
A man from Chengdu, China has been sentenced to 12 years in prison for his role in a software piracy operation that sold over US $100 million worth of software. Xiang Li, who operated a website that sold pirated software, was convicted of conspiracy to commit wire fraud and criminal copyright infringement. The software sold on the site was largely industrial grade, much of it designed for aerospace simulation and design, defense, intelligence gathering, manufacturing plant design, and other technical applications. Li was arrested two years ago when US agents posing as businessmen set up a meeting with him in the Northern Mariana Islands, which is a protectorate of the US and therefore falls under US jurisdiction.
10 June 2013 - Prison Terms for Two in Phishing Scheme
A US district judge in Connecticut has sentenced two Romanian men to prison for their roles in a phishing scheme. Bogdan Boceanu received an 80-month sentence and Andrei Bolovan received a 27-month sentence. In December, Bolovan pleaded guilty to conspiracy to commit fraud in connection with access devices. That same month, a jury found Boceanu guilty of the same charge as well as one charge of conspiracy to commit bank fraud. In all, 19 people are believed to have been involved in the scheme, which phished for payment card information, then used that information to make fraudulent withdrawals from ATMs.
31 May 2013 - Multi-Factor Authentication May Someday be Available As Tattoos and Pills
Motorola Mobility has demonstrated two authentication technologies that remove the need for people to carry around devices for two-factor authentication. The first is an electronic tattoo, a flexible, water-resistant sticker that lasts for several days. The second is a capsule that people can swallow daily. Its components are activated by stomach acids to emit a signal. Motorola said that the US Food and Drug Administration (FDA) has cleared the pill authentication technology for human use.
23 May 2013 - Commission Seeks Stronger Action be Taken to Protect Intellectual Property
The Commission on the Theft of American Intellectual Property, a private organization, has issued a report arguing that US companies should be permitted to act aggressively to prevent hackers from stealing their intellectual property. The report notes that "hundreds of billions of dollars" worth of US intellectual property (IP) is stolen each year, and estimates that China is responsible for 50 to 80 percent of international intellectual property theft. In addition, "the slow pace of legal remedies for IP infringement does not meet the needs of companies whose products have rapid product life and profit cycles." The paper also makes a case for creating disincentives to IP theft by making it unprofitable. The report calls for laws to allow intellectual property owners to retrieve or "render inoperable" stolen IP. The process would be helped through increased "meta-tagging," "beaconing," and "watermarking," technology that basically has a phone home effect, letting IP holders know when information has been stolen.
13 May 2013 - Malicious Browser Extensions Hijack Facebook Accounts
According to a warning from Microsoft's Malware Protection Center, a Trojan horse program called JS/Febipos.A is taking control of Facebook accounts by disguising itself as a legitimate Firefox add-on or Google Chrome extension. The Trojan checks to see if users are logged in to Facebook, then receives configuration instructions from a remote site which enable it to perform most Facebook activity posing as the user. The issue currently affects users in Brazil.
13 May 2013 - NY Attorney General Wants Mobile Phone Companies to Help Thwart Device Theft
New York State Attorney General Eric Schneiderman has sent letters to the CEOs of Apple, Samsung, Google, Motorola, and Microsoft asking them to specify what they are doing to make phones less susceptible to theft. Schneiderman asked why the companies do not offer technology that would make stolen phones useless, which would deter thieves.
10 May 2013 - US Government is the Largest Purchaser of Hacking Tools
According to a report from Reuters, the US government is the single largest buyer in the "gray market" of offensive hacking tools. While tools that exploit unknown vulnerabilities provide a tactical advantage, not disclosing the flaws leaves other organizations, including those in the US, vulnerable to attacks. Former high-level cybersecurity officials have expressed concern about the situation. Former White House cybersecurity advisor Richard Clarke said, "If the US government knows of a vulnerability that can be exploited, under normal circumstances, its first obligation is to tell US users." Howard Schmidt, also a former White House cybersecurity advisor, said, "It's pretty naive to believe that with a newly-discovered zero-day, you are the only one in the world that's discovered it." And former NSA director Michael Hayden said that although "there has been a traditional calculus between protecting your offensive capability and strengthening your defense, it might be time now to readdress that at an important policy level." Paying the vulnerability purveyors for the malware also removes the incentive for talented hackers to inform software makers about the flaws.
3 May 2013 - Man Allegedly Hacked Former Employer's System
A New York man has been arrested for allegedly damaging his former employer's computer systems. Michael Meneses allegedly caused more than US $90,000 in damage to the Spellman High Voltage Electronics Corporation. While employed by Spellman, Meneses co-managed the company's enterprise resources management application. In late 2011, he was reportedly angry after he was passed over for a promotion, and he submitted his resignation. Some former colleagues reported that Meneses copied files from his company computer to a flash drive. The details of what he then did are vague. He allegedly stole access credentials and "corrupt[ed] the network." He allegedly changed the company's business calendar. That activity was traced to a North Carolina hotel close to Meneses's new job, and records showed that he had been staying at the hotel at the time of the intrusions.
3 May 2013 - FTC to Hold Hearing on Identity Theft and Senior Citizens
The US Federal Trade Commission (FTC) plans to hold a hearing on Tuesday, May 7 at which it will look into identity theft schemes perpetrated on senior citizens, including tax and government benefit identity theft; long term care identity theft; and medical identity theft, which is occurring with increasing frequency. One study said that about two million US citizens are victims of medical identity theft every year. The incidents cost an average of US $20,000 to resolve. The hearing will also look at ways of educating senior citizens about these issues.
3 May 2013 - Middle School Students Phish Teachers' Admin Credentials
Students at a middle school in Alaska managed to trick teachers into providing their administrative access credentials and then used the access to control classmates' computers. The students are 12 and 13 years old. At least 18 students involved in the scheme gained control of more than 300 computers at Schoenbar Middle School in Ketchikan, Alaska. The students manipulated the computers so that teachers thought they were entering their access credentials to allow installation of software updates.
1 May 2013 - US Government Website Is Serving Malware to Citizens
A US Department of Labor website was found to be serving up malware to unsuspecting citizens through drive-by download attacks. The code embedded in the Site Exposure Matrices (SEM) page redirects users to other pages that install malware on their computers. Once redirected, a script attempts to exploit a known flaw in Internet Explorer to install a backdoor that facilitates communication between the infected computer and machines controlled by the hackers. Sadly, far too many people have not installed the patch, so their systems are being infected.
1 May 2013 - US Army Corps of Engineers' Database Breached
Someone used stolen credentials to gain access to the US Army Corps of Engineers' National Inventory of Dams (NID) database. The breach reportedly began in January but was not detected until April. The intruder gained access to "sensitive fields of information not generally available to the public." Once the US Army Corps of Engineers realized that the individual was not "authorized [to have] full access to the NID," the credentials were revoked. A US Army Corps of Engineers spokesperson said the breach does not pose a public threat.
29 April 2013 - The Guardian's Twitter Accounts Hijacked
The same group that hijacked the Associated Press's Twitter feed last week is now claiming responsibility for taking over Twitter accounts belonging to the UK newspaper The Guardian. The Syrian Electronic Army claims to have taken control of 11 Twitter feeds at the Guardian. The attack occurred over the weekend; as of Monday, Twitter had suspended most of the hijacked Guardian accounts. Following last week's AP incident, which resulted in a phony tweet claiming that there had been an attack on the White House, Twitter announced that it is conducting internal testing of two-factor authentication.
26 April 2013 - LivingSocial Hacked, User Passwords Reset
Hackers have compromised a database belonging to the LivingSocial daily deals website; the breach affects more than 50 million users. The cyberthieves managed to steal names, email addresses, birthdates and encrypted passwords. Affected users are being urged to change their passwords. Fortunately, customers' financial information is stored separately and did not fall prey to the attackers. LivingSocial has not provided details about what sort of attack was used to access the data.
26 April 2013 - Travnet Trojan Steals Data
The Travnet Trojan horse program compresses stolen files and uploads them to remote servers. Travnet is being used in targeted attacks. It collects information about the computers it infects, including IP addresses, IP configuration data, and running processes. It is capable of stealing a variety of document types. Travnet has been infecting computers through email and exploiting known and patched flaws in Microsoft Office.
24 April 2013 - Judge Denies FBI Permission to Install Surveillance Software on Suspect's Computer
The FBI may not install specialized surveillance software on a suspect's computer, according to a ruling from a federal magistrate judge. Judge Stephen Smith said that the order requested by the FBI was too broad and too invasive. The FBI had sought permission to install specialized software on a computer used by the suspect; the software "has the capacity to search the computer's hard drive, random access memory, and other storage media; to activate the computer's ... camera; to generate [location] data for the device; and to transmit the extracted data to FBI agents." The judge also took the FBI to task for failing to specify how the operation would be certain to target the suspect and no one else.
20 April 2013 - BadNews Malware Snuck Into Google Play Apps
Malware known as BadNews has been downloaded from Google Play at least two million times. BadNews was found to have been hidden in at least 32 separate apps from four different developers. The malware was added to the apps after they had been submitted to Google Play. Infected Android devices connect to remote servers every four hours to send harvested data, including device phone numbers and unique serial numbers. The remote servers also instruct infected devices to install a Trojan horse program called AlphaSMS that sends text messages to numbers that incur charges. Google has removed the infected apps.
19 April 2013 - Former Hosting Provider Admin Allegedly Placed Backdoors on 2,700 Servers
A man who was once employed by hosting provider Hostgator has been arrested and charged with breach of computer security. Eric Gunnar Gisse worked as an administrator at Hostgator from September 2011 through February 15, 2012. He allegedly installed backdoors on more than 2,700 company servers. The day after Gisse was dismissed from his position, officials at Hostgator detected the backdoor application that he had installed. The backdoor was disguised to look like a Unix administration tool.
19 April 2013 - Siri Retains Query Data for Two Years
Apple has revealed that it retains information about questions users ask Siri for as long as two years, although the company does try to anonymize the data. Siri queries are sent to Apple's servers, where they are assigned an identifier - not an AppleID or email address - that links the voice files to the device from which they were sent. After six months, the identifier is removed, but the query data are retained to help Apple with product testing and improvement. The disclosure of Apple's data retention practices comes in response to pressure from American Civil Liberties Union (ACLU) lawyer Nicole Ozer, who said that Apple does not do enough to let customers know their privacy rights.
17 April 2013 - Microsoft to Begin Offering Two-Factor Authentication
Microsoft will start offering two-factor authentication to Microsoft Account users on an optional basis. The scheme will be much like those used by Google, Apple, and Facebook in which accounts are protected with both a password and a one-time passcode sent to users in a text message or generated by an authentication app. Users will have the opportunity to designate certain devices as trusted on which they do not need to use two-factor authentication.
17 April 2013 - Microsoft: Web Based Threats More Prevalent Than Network Threats
According to Microsoft's Security Intelligence Report, web-based threats pose a greater risk to enterprise networks than do worms that spread through the network. This is the first time in four years that Conficker has not topped the list of threats to enterprise networks. That position is now occupied by IframeRef malware.
17 April 2013 - Study Says Home Routers Vulnerable to Attacks
Many widely used home routers are easy to hack into, according to a study by a company called Independent Security Evaluators. A test found 13 of the most popular home routers had easily remotely exploitable vulnerabilities that could be used to snoop on or modify network traffic. All of the routers tested were using the most recent firmware and were tested with their out-of-the-box default configurations.